//mysql模块
const sqlQuery = require('./HGmysql');
//封装加密
async function adminAuth(req, res, next) {
    //1.获取登录后的用户名
    let username = req.session.user;
    //2.通过用户名 查看可以访问地址
    let strSql = `SELECT * from auth WHERE id in(SELECT authid FROM role_auth WHERE rolaid=(SELECT roleid from login WHERE user = '${username}'))`;
    let result = await sqlQuery(strSql);
    let resultArr = Array.from(result);
    //判断当前请求的路径是否允许的路径
    let httpUrl = req.originalUrl;
    console.log(httpUrl);

    let isAllow = resultArr.some((item, i) => {
        console.log(item);
        let s = new RegExp(item.authurl).test(httpUrl);
        console.log(s);

        return s
    })
    if (isAllow) {
        //如果允许直接进入
        next()
    } else {
        res.send('你没有权限')
    }
}
module.exports = adminAuth;